Common Authentication Technology Overview


Status of this Memo 


This memo provides information for the Internet community. It does 
not specify an Internet standard. Distribution of this memo is 
unlimited. 

Overview 


The IETF’s Common Authentication Technology (CAT) working group has 
pursued, and continues to pursue, several interrelated activities, 
involving definition of service interfaces as well as protocols. As 
a goal, it has sought to separate security implementation tasks from 
integration of security data elements into caller protocols, enabling 
those tasks to be partitioned and performed separately by 
implementors with different areas of expertise. This strategy is 
intended to provide leverage for the IETF community’s security- 
oriented resources (by allowing a single security implementation to 
be integrated with, and used by, multiple caller protocols), and to 
allow protocol implementors to focus on the functions that their 
protocols are designed to provide rather than on characteristics of 
particular security mechanisms (by defining an abstract service which 
multiple mechanisms can realize). 


The CAT WG has worked towards agreement on a common service
interface (the Generic Security Service Application Program
Interface, or GSS-API), allowing callers to invoke security 
functions, and also towards agreement on a common security token 
format incorporating means to identify the mechanism type in 
conjunction with which security data elements should be interpreted. 
The GSS-API, comprising a mechanism-independent model for security 
integration, provides authentication services (peer entity 
authentication) to a variety of protocol callers in a manner which 
insulates those callers from the specifics of underlying security 
mechanisms. With certain underlying mechanisms, per-message 
protection facilities (data origin authentication, data integrity, 
and data confidentiality) can also be provided. This work is 
represented in a pair of RFCs: RFC-1508 (GSS-API) and RFC-1509 
(concrete bindings realizing the GSS-API for the C language). 

Concurrently, the CAT WG has worked on agreements on underlying
security technologies, and their associated protocols, implementing 
the GSS-API model. Definitions of two candidate mechanisms are 
currently available as Internet specifications; development of 
additional mechanisms is anticipated. RFC-1510, a standards-track 
specification, documents the Kerberos Version 5 technology, based on 
secret-key cryptography and contributed by the Massachusetts
Institute of Technology. RFC-1507, an experimental specification, 
documents the Distributed Authentication Services technology, based 
on X.509 public-key technology and contributed by Digital Equipment 
Corporation. 

Security Considerations

Security issues are discussed throughout the references. 